package org.jfrog.security.crypto;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.annotation.Nonnull;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.util.encoders.Hex;
import org.jfrog.security.crypto.encrypter.BytesEncrypterHelper;
import org.jfrog.security.crypto.exception.CryptoException;
import org.jfrog.security.crypto.exception.CryptoRuntimeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jfrog/security/crypto/JFrogCryptoHelper.class */
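/**
 * Static helpers for key generation, key derivation and encryption (RSA, AES/CBC and
 * password-based Triple-DES).
 *
 * <p>This listing is decompiler output (JADX); several methods are marked by the decompiler as
 * having been package-private in the original class file.
 *
 * <p>Security review notes, all visible in the constants and calls below:
 * <ul>
 *   <li>{@link #generateKeyPair()} defaults to a 512-bit RSA modulus, a size that has been
 *       publicly factored and should not protect anything of value.</li>
 *   <li>Both salts ({@code AES_SALT}, {@code PBE_SALT}) are compile-time constants, so they add
 *       no per-key or per-installation uniqueness.</li>
 *   <li>The Triple-DES PBE path uses only 20 iterations.</li>
 *   <li>AES is used in CBC mode with no MAC, so ciphertexts are not integrity-protected.</li>
 *   <li>RSA encryption asks for the bare {@code "RSA"} transformation, leaving the padding to
 *       the provider default.</li>
 * </ul>
 * These parameters are left unchanged here because data already protected with them must stay
 * readable; changing them needs a migration plan.
 */
public abstract class JFrogCryptoHelper {
    /** Algorithm name used for key pairs, key factories and the asymmetric cipher. */
    static final String ASYM_ALGORITHM = "RSA";
    public static final String COLON = ":";
    public static final String AES_ALGORITHM = "AES";
    /** AES transformation: CBC with PKCS#5 padding. Provides confidentiality only, no authentication. */
    static final String AES_CYPHER_INSTANCE = "AES/CBC/PKCS5Padding";
    /** Key-derivation function used to turn a password string into an AES key. */
    static final String AES_SYM_ALGORITHM = "PBKDF2WithHmacSHA1";
    static final int AES_ITERATION_COUNT = 65536;
    /** Size in bits of generated and derived AES keys. */
    static final int AES_KEY_SIZE = 128;
    /** Password-based Triple-DES; used both as SecretKeyFactory and as Cipher algorithm name. */
    static final String DESEDE_SYM_ALGORITHM = "PBEWithSHA1AndDESede";
    // NOTE(review): 20 iterations gives almost no brute-force resistance for a password-based key.
    private static final int PBE_ITERATION_COUNT = 20;
    // NOTE(review): 512-bit RSA is breakable with modest resources; callers should pass an explicit,
    // larger size to generateKeyPair(int). Not changed here because callers are not visible.
    private static final int DEFAULT_KEY_SIZE = 512;
    private static final Logger log = LoggerFactory.getLogger(JFrogCryptoHelper.class);
    // Hard-coded salts: identical wherever this class is deployed.
    private static final byte[] AES_SALT = {-11, -19, 81, -102, 81, -109, 50, 118};
    private static final byte[] PBE_SALT = {-54, -2, -70, -66, -21, -85, -17, -84};
    /**
     * Maps each cipher algorithm to the password-based algorithm name used with it.
     * NOTE(review): this is a public, mutable map; any caller can alter the mapping.
     */
    public static final Map<CipherAlg, String> SymCipherPBE = createSymCipherPBEMap();

    /** Builds the {@link #SymCipherPBE} table. */
    private static Map<CipherAlg, String> createSymCipherPBEMap() {
        Map<CipherAlg, String> algorithms = new HashMap<>();
        algorithms.put(CipherAlg.DESede, DESEDE_SYM_ALGORITHM);
        algorithms.put(CipherAlg.AES128, AES_SYM_ALGORITHM);
        return algorithms;
    }

    /** Not instantiable: static helpers only. */
    private JFrogCryptoHelper() {
    }

    /**
     * Builds a new API key token from the current time in milliseconds, a colon and a random
     * UUID, encoded with {@code EncodingType.ARTIFACTORY_API_KEY}.
     *
     * <p>Only the UUID part is unpredictable; the timestamp adds no secrecy.
     *
     * @return the encoded token
     * @throws GeneralSecurityException declared by the original signature
     */
    public static String generateUniqueApiKeyToken() throws GeneralSecurityException {
        String rawToken = System.currentTimeMillis() + COLON + UUID.randomUUID();
        return EncodingType.ARTIFACTORY_API_KEY.encode(EncodingType.stringToBytes(rawToken));
    }

    /**
     * Generates an RSA key pair of the default size (512 bits).
     *
     * <p>NOTE(review): see {@code DEFAULT_KEY_SIZE}; prefer {@link #generateKeyPair(int)} with an
     * explicit size for anything new.
     *
     * @return the generated key pair
     */
    public static KeyPair generateKeyPair() {
        return generateKeyPair(DEFAULT_KEY_SIZE);
    }

    /**
     * Generates an RSA key pair with the given modulus size.
     *
     * @param i modulus size in bits
     * @return the generated key pair
     * @throws CryptoRuntimeException if RSA or the SHA1PRNG generator is not available
     */
    public static KeyPair generateKeyPair(int i) {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(ASYM_ALGORITHM);
            // The code asks for SHA1PRNG by name instead of the platform default SecureRandom.
            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
            generator.initialize(i, random);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new CryptoRuntimeException(e);
        }
    }

    /**
     * Rebuilds an RSA key pair from its encoded halves.
     *
     * <p>JADX note: package-private in the original class file.
     *
     * @param bArr PKCS#8-encoded private key
     * @param bArr2 X.509-encoded public key
     * @return the key pair
     * @throws CryptoRuntimeException if either encoding cannot be parsed
     */
    public static KeyPair convertToKeyPair(byte[] bArr, byte[] bArr2) {
        try {
            KeyFactory rsaFactory = KeyFactory.getInstance(ASYM_ALGORITHM);
            PublicKey publicKey = rsaFactory.generatePublic(new X509EncodedKeySpec(bArr2));
            PrivateKey privateKey = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
            return new KeyPair(publicKey, privateKey);
        } catch (Exception e) {
            throw new CryptoRuntimeException("Failed to create KeyPair from provided encoded keys", e);
        }
    }

    /**
     * Rebuilds an RSA public key from its X.509 encoding.
     *
     * <p>JADX note: package-private in the original class file.
     *
     * @param bArr X.509-encoded public key
     * @return the public key
     * @throws CryptoRuntimeException if the encoding cannot be parsed
     */
    public static PublicKey convertToPublicKey(byte[] bArr) {
        try {
            KeyFactory rsaFactory = KeyFactory.getInstance(ASYM_ALGORITHM);
            return rsaFactory.generatePublic(new X509EncodedKeySpec(bArr));
        } catch (Exception e) {
            throw new CryptoRuntimeException("Failed to create PublicKey from provided encoded key", e);
        }
    }

    /**
     * Derives a Triple-DES PBE key whose password is the Base64 text of the pair's encoded
     * private key.
     *
     * @param keyPair source key pair
     * @return the PBE secret key
     */
    public static SecretKey generatePbeKeyFromKeyPair(KeyPair keyPair) {
        byte[] base64PrivateKey = Base64.encodeBase64(keyPair.getPrivate().getEncoded());
        return generatePbeKey(EncodingType.bytesToString(base64PrivateKey));
    }

    /**
     * Creates a {@code PBEWithSHA1AndDESede} key from a password.
     *
     * <p>Salt and iteration count are not part of the key; {@link #encryptSymmetric} and
     * {@link #decryptSymmetric} supply the fixed {@code PBE_SALT} and 20 iterations.
     *
     * @param str the password
     * @return the PBE secret key
     * @throws CryptoRuntimeException if the algorithm is unavailable or the key spec is rejected
     */
    public static SecretKey generatePbeKey(String str) {
        try {
            SecretKeyFactory pbeFactory = SecretKeyFactory.getInstance(DESEDE_SYM_ALGORITHM);
            return pbeFactory.generateSecret(new PBEKeySpec(str.toCharArray()));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new CryptoRuntimeException(e);
        }
    }

    /**
     * Derives an AES key from the encoded private key of the pair.
     *
     * @param keyPair source key pair
     * @return the derived AES key
     */
    public static SecretKey generateAesKeyFromKeyPair(KeyPair keyPair) {
        return generateAesKeyFromPrivateKeyBytes(keyPair.getPrivate().getEncoded());
    }

    /**
     * Derives an AES key deterministically from private-key bytes.
     *
     * <p>The PBKDF2 password is the Base58 text of SHA-256({@code AES_SALT || key || AES_SALT}).
     * The PBKDF2 salt is the first {@code AES_SALT.length} bytes of the input itself, so it is
     * not random. NOTE(review): for an encoded private key those leading bytes are presumably
     * mostly fixed encoding header; confirm.
     *
     * @param bArr private-key bytes; must hold at least {@code AES_SALT.length} bytes
     * @return the derived AES key
     */
    public static SecretKey generateAesKeyFromPrivateKeyBytes(byte[] bArr) {
        int saltLength = AES_SALT.length;
        byte[] salt = new byte[saltLength];
        System.arraycopy(bArr, 0, salt, 0, saltLength);

        // Digest input: AES_SALT || key bytes || AES_SALT
        byte[] digestInput = new byte[(2 * saltLength) + bArr.length];
        System.arraycopy(AES_SALT, 0, digestInput, 0, saltLength);
        System.arraycopy(bArr, 0, digestInput, saltLength, bArr.length);
        System.arraycopy(AES_SALT, 0, digestInput, saltLength + bArr.length, saltLength);

        String password = JFrogBase58.encode(JFrogBase58.getSha256MessageDigest().digest(digestInput));
        return generateAesKeyUsingPbe(password, salt);
    }

    /**
     * Derives a 128-bit AES key from a password with PBKDF2-HMAC-SHA1 (65536 iterations).
     *
     * <p>JADX note: package-private in the original class file. The decompiled body left the
     * derivation outside its {@code try}; it is placed inside here so the checked exceptions are
     * wrapped as the {@code catch} intends.
     *
     * @param str the password
     * @param bArr the salt, or {@code null} to use the hard-coded {@code AES_SALT}
     * @return the derived AES key
     * @throws CryptoRuntimeException if the algorithm is unavailable or the key spec is rejected
     */
    public static SecretKey generateAesKeyUsingPbe(String str, byte[] bArr) {
        byte[] salt = (bArr == null) ? AES_SALT : bArr;
        try {
            PBEKeySpec spec = new PBEKeySpec(str.toCharArray(), salt, AES_ITERATION_COUNT, AES_KEY_SIZE);
            byte[] derived = SecretKeyFactory.getInstance(AES_SYM_ALGORITHM).generateSecret(spec).getEncoded();
            return new SecretKeySpec(derived, AES_ALGORITHM);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new CryptoRuntimeException(e);
        }
    }

    /**
     * Generates a random 128-bit AES key.
     *
     * <p>JADX note: package-private in the original class file.
     *
     * @return the new key
     * @throws RuntimeException if AES is not available; the cause is preserved
     */
    public static SecretKey generateAesKey() {
        try {
            KeyGenerator generator = KeyGenerator.getInstance(AES_ALGORITHM);
            generator.init(AES_KEY_SIZE);
            return generator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            log.error("Could not generate key. {}", e.getMessage());
            log.trace("Could not generate key.", e);
            throw new RuntimeException("Could not generate key. " + e.getMessage(), e);
        }
    }

    /**
     * Generates a random AES key and encodes it with {@code JFrogEnvelop.encode} as a
     * {@code SYMMETRIC_KEY} / {@code AES128} envelope, with a key id computed by
     * {@code BytesEncrypterHelper.keyIdFromKey}.
     *
     * <p>The raw key bytes are handed to the encoder, so treat the returned string as secret
     * (presumably it embeds the key; verify against {@code JFrogEnvelop}).
     *
     * @return the encoded key
     * @throws RuntimeException if the envelope or key id cannot be produced
     */
    public static String generateAES128SymKey() {
        byte[] keyBytes = generateAesKey().getEncoded();
        try {
            return JFrogEnvelop.encode(EncodingType.SYMMETRIC_KEY, BytesEncrypterHelper.keyIdFromKey(keyBytes), CipherAlg.AES128, keyBytes);
        } catch (CryptoException e) {
            throw new RuntimeException("Can't generate keyId", e);
        }
    }

    /**
     * Loads a hex-encoded AES key from the first line of a file.
     *
     * <p>The reader is closed on every path, including when validation rejects the key. The file
     * is read with the platform default charset ({@code FileReader}).
     *
     * @param file the key file
     * @return the AES key
     * @throws IllegalArgumentException if {@code file} is {@code null}
     * @throws RuntimeException if the file does not exist
     * @throws CryptoRuntimeException if the file cannot be read or the key is invalid
     */
    static SecretKey loadAesKeyFromFile(File file) {
        if (file == null) {
            throw new IllegalArgumentException("Key file must be supplied");
        }
        if (!file.exists()) {
            throw new RuntimeException("Could not find key file: " + file.getAbsolutePath());
        }
        try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
            String firstLine = reader.readLine();
            // Hex digits are ASCII, so an explicit charset keeps decoding platform-independent.
            byte[] hexBytes = StringUtils.isNotBlank(firstLine)
                    ? sanitizedKey(firstLine).getBytes(StandardCharsets.UTF_8)
                    : null;
            validateAesKey(hexBytes);
            return getAesSecret(Hex.decode(hexBytes));
        } catch (IOException e) {
            // Pass the exception as the throwable argument so the stack trace is logged.
            log.error("Could not load key.", e);
            throw new CryptoRuntimeException("Could not load key. " + e.getMessage(), e);
        }
    }

    /**
     * Parses a hex-encoded AES key, using only the text before the first line separator.
     *
     * <p>JADX note: package-private in the original class file.
     *
     * @param str hex-encoded key text
     * @return the AES key
     * @throws CryptoRuntimeException if the key is blank, not hexadecimal, or not 128/256 bits
     */
    @Nonnull
    public static SecretKey aesFromString(String str) {
        String hexKey = sanitizedKey(str);
        validateAesKey(hexKey);
        return getAesSecret(Hex.decode(hexKey));
    }

    /**
     * Wraps raw bytes as an AES key. No length check is done here.
     *
     * @param bArr raw key bytes
     * @return the AES key
     */
    public static SecretKey getAesSecret(byte[] bArr) {
        return new SecretKeySpec(bArr, AES_ALGORITHM);
    }

    /** Returns the trimmed text before the first platform line separator, or "" when blank. */
    private static String sanitizedKey(String str) {
        if (!StringUtils.isNotBlank(str)) {
            return "";
        }
        return StringUtils.substringBefore(str, System.lineSeparator()).trim();
    }

    /**
     * Encrypts data with AES/CBC/PKCS5Padding.
     *
     * <p>No IV is passed to {@code init}; the IV the cipher reports afterwards is returned with
     * the ciphertext. CBC gives no integrity protection: a modified ciphertext is not detected
     * as such, and callers that expose decryption failures to untrusted parties should add a MAC
     * or move to an authenticated mode.
     *
     * @param bArr plaintext
     * @param secretKey an AES key
     * @return IV and ciphertext
     * @throws IllegalArgumentException if the key is not an AES key
     * @throws CryptoRuntimeException if encryption fails
     */
    public static AesEncryptData encryptAes(byte[] bArr, SecretKey secretKey) {
        if (!AES_ALGORITHM.equals(secretKey.getAlgorithm())) {
            throw new IllegalArgumentException("This method encrypts using AES keys only not " + secretKey.getAlgorithm());
        }
        try {
            Cipher cipher = Cipher.getInstance(AES_CYPHER_INSTANCE);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            IvParameterSpec iv = cipher.getParameters().getParameterSpec(IvParameterSpec.class);
            return new AesEncryptData(iv, cipher.doFinal(bArr));
        } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidParameterSpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptoRuntimeException(e);
        }
    }

    /**
     * Decrypts data produced by {@link #encryptAes}.
     *
     * <p>A padding failure surfaces as {@code CryptoRuntimeException}; avoid letting untrusted
     * callers distinguish it from other failures, since the ciphertext is unauthenticated.
     *
     * @param aesEncryptData IV and ciphertext
     * @param secretKey an AES key
     * @return the plaintext
     * @throws IllegalArgumentException if the key is not an AES key
     * @throws CryptoRuntimeException if decryption fails
     */
    public static byte[] decryptAes(AesEncryptData aesEncryptData, SecretKey secretKey) {
        if (!AES_ALGORITHM.equals(secretKey.getAlgorithm())) {
            // Message previously said "encrypts", copied from encryptAes.
            throw new IllegalArgumentException("This method decrypts using AES keys only not " + secretKey.getAlgorithm());
        }
        try {
            Cipher cipher = Cipher.getInstance(AES_CYPHER_INSTANCE);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, aesEncryptData.getInitVector());
            return cipher.doFinal(aesEncryptData.getEncryptedData());
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptoRuntimeException(e);
        }
    }

    /**
     * Encrypts with password-based Triple-DES using the fixed {@code PBE_SALT} and 20 iterations.
     *
     * <p>NOTE(review): legacy scheme (fixed salt, very low iteration count, 64-bit block
     * cipher); keep for reading old data and prefer the AES path for new data.
     *
     * @param bArr plaintext
     * @param secretKey a non-AES (PBE) key
     * @return the ciphertext
     * @throws IllegalArgumentException if an AES key is supplied
     * @throws CryptoRuntimeException if encryption fails
     */
    public static byte[] encryptSymmetric(byte[] bArr, SecretKey secretKey) {
        if (AES_ALGORITHM.equals(secretKey.getAlgorithm())) {
            throw new IllegalArgumentException("This method cannot encrypt using AES keys!");
        }
        try {
            Cipher cipher = Cipher.getInstance(DESEDE_SYM_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, new PBEParameterSpec(PBE_SALT, PBE_ITERATION_COUNT));
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new CryptoRuntimeException(e);
        }
    }

    /**
     * Decrypts data produced by {@link #encryptSymmetric}.
     *
     * @param bArr ciphertext
     * @param secretKey a non-AES (PBE) key
     * @return the plaintext
     * @throws IllegalArgumentException if an AES key is supplied
     * @throws CryptoRuntimeException if decryption fails
     */
    public static byte[] decryptSymmetric(byte[] bArr, SecretKey secretKey) {
        if (AES_ALGORITHM.equals(secretKey.getAlgorithm())) {
            throw new IllegalArgumentException("This method cannot decrypt using AES keys!");
        }
        try {
            Cipher cipher = Cipher.getInstance(DESEDE_SYM_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new PBEParameterSpec(PBE_SALT, PBE_ITERATION_COUNT));
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new CryptoRuntimeException(e);
        }
    }

    /**
     * Encrypts with an RSA public key.
     *
     * <p>JADX note: package-private in the original class file. The transformation is the bare
     * algorithm name, so mode and padding are whatever the provider defaults to.
     * NOTE(review): with the stock JDK provider that is PKCS#1 v1.5 padding; naming an OAEP
     * transformation explicitly would be safer, but must match what existing peers expect.
     *
     * @param bArr plaintext (limited in size by the key modulus and padding)
     * @param publicKey RSA public key
     * @return the ciphertext
     * @throws CryptoRuntimeException if encryption fails
     */
    public static byte[] encryptAsymmetric(byte[] bArr, PublicKey publicKey) {
        try {
            Cipher cipher = Cipher.getInstance(ASYM_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new CryptoRuntimeException(e);
        }
    }

    /**
     * Decrypts with an RSA private key; counterpart of {@link #encryptAsymmetric}.
     *
     * <p>JADX note: package-private in the original class file.
     *
     * @param bArr ciphertext
     * @param privateKey RSA private key
     * @return the plaintext
     * @throws CryptoRuntimeException if decryption fails
     */
    public static byte[] decryptAsymmetric(byte[] bArr, PrivateKey privateKey) {
        try {
            Cipher cipher = Cipher.getInstance(ASYM_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new CryptoRuntimeException(e);
        }
    }

    /**
     * Encodes both halves of a key pair with {@code EncodingType.SAVED_PRIVATE_KEY} and
     * {@code EncodingType.SAVED_PUBLIC_KEY}.
     *
     * @param keyPair the pair to encode
     * @return the encoded pair
     */
    public static EncodedKeyPair encodeKeyPair(KeyPair keyPair) {
        String encodedPrivate = EncodingType.SAVED_PRIVATE_KEY.encode(keyPair.getPrivate().getEncoded());
        String encodedPublic = EncodingType.SAVED_PUBLIC_KEY.encode(keyPair.getPublic().getEncoded());
        return new EncodedKeyPair(encodedPrivate, encodedPublic);
    }

    /**
     * Renders sensitive strings for debug output as {@code ['abcdXXXXXXX_32',null,...]}.
     *
     * <p>Per string: the first four characters are kept, positions 4 to 10 become {@code X},
     * and for strings longer than ten characters {@code _<length>} is appended.
     *
     * <p>Caveat: a value of four characters or fewer is printed in full, and the prefix plus
     * length of longer values is still disclosed. Do not treat the result as safe for logs that
     * are widely readable.
     *
     * @param strArr values to mask; elements may be {@code null}
     * @return the masked, bracketed, comma-separated list
     */
    public static String debugMessageForSensitiveStrings(String... strArr) {
        final int clearPrefix = 4;
        final int lastMaskedIndex = 10;
        StringBuilder sb = new StringBuilder("[");
        for (String value : strArr) {
            if (sb.length() > 1) {
                sb.append(',');
            }
            if (value == null) {
                sb.append("null");
                continue;
            }
            sb.append('\'');
            int rendered = Math.min(value.length(), lastMaskedIndex + 1);
            for (int i = 0; i < rendered; i++) {
                sb.append(i < clearPrefix ? value.charAt(i) : 'X');
            }
            if (value.length() > lastMaskedIndex) {
                sb.append('_').append(value.length());
            }
            sb.append('\'');
        }
        sb.append(']');
        return sb.toString();
    }

    /**
     * Validates a hex-encoded AES key given as text.
     *
     * @throws CryptoRuntimeException if the text is blank, not hexadecimal, or not 128/256 bits
     */
    private static void validateAesKey(String str) {
        if (StringUtils.isBlank(str)) {
            throw new CryptoRuntimeException("Key cannot be empty.");
        }
        validateAesKey(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Validates a hex-encoded AES key given as bytes: it must decode to 16 or 32 bytes.
     *
     * <p>The size check sits outside the decoding {@code try} so that a wrong-size key reports
     * "Invalid key size" directly instead of being re-wrapped as a decoding failure.
     *
     * @throws CryptoRuntimeException if the input is empty, not hexadecimal, or the wrong size
     */
    private static void validateAesKey(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            throw new CryptoRuntimeException("Invalid empty key. Key must be 128 or 256 bits hexadecimal encoded.");
        }
        byte[] decoded;
        try {
            decoded = Hex.decode(bArr);
        } catch (Exception e) {
            throw new CryptoRuntimeException("Could not decode key. Key must be 128 or 256 bits hexadecimal encoded.", e);
        }
        if (decoded.length != 16 && decoded.length != 32) {
            throw new CryptoRuntimeException("Invalid key size of " + (decoded.length * 8) + " bits. Expected key size is 128 or 256 bits.");
        }
    }
}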
